Sunday, November 24, 2024
HomeCryptocurrencyReport reveals how this hacking group went from crypto attacks to targeting defence sector
Cryptocurrency

Report reveals how this hacking group went from crypto attacks to targeting defence sector

no commentAfricadeathnoteKasperskylazaruspdfskype


Kaspersky has conducted an investigation into DeathNote, a cluster belonging to the notorious Lazarus group, which has undergone a significant transformation in recent years.

 

Beginning with cryptocurrency-related attacks in 2019, by the end of 2022, DeathNote was responsible for targeted campaigns against IT and defence companies in Europe, Latin America, South Korea, and Africa. The latest report from Kaspersky tracks the evolution of DeathNote’s targets and the development of its tools, techniques, and procedures over the past four years.

The report shows how Lazarus’ DeathNote cluster has moved beyond crypto attacks to focus on the defence sector with upgraded capabilities.

 

Kaspersky discovered a change in the DeathNote cluster’s infection methods in April 2020. The cluster began targeting automotive and academic organisations in Eastern Europe related to the defence industry by using the remote template injection technique and Trojanized open-source PDF viewer software.

Expand

The actor also switched all decoy documents related to job descriptions from defence contractors and diplomatic-related ones. In May 2021, an IT company in Europe was compromised, and in early June 2021, the Lazarus subgroup began using a new mechanism to infect targets in South Korea.

 

In 2022, Kaspersky found that the cluster was responsible for attacks on a defence contractor in Latin America using a Trojanized PDF reader with a crafted PDF file and a side-loading technique sent via Skype messenger, successfully breached a defence contractor in Africa.

The DeathNote cluster has evolved significantly since its discovery in 2015, with new modules and capabilities added over time. The malware is highly effective in evading detection by antivirus software due to its ability to customise payloads based on specific objectives and targets. Kaspersky recommends maintaining vigilance and taking proactive measures to defend against the Lazarus group’s malicious activities.

To avoid targeted attacks, conduct cybersecurity audits, train employees in basic cybersecurity hygiene, download software only from trusted sources, use EDR for timely incident detection and response, and adopt anti-fraud solutions to protect cryptocurrency transactions. Kaspersky Managed Detection and Response offer threat-hunting capabilities against targeted attacks.

 



Source link

Tags :AfricadeathnoteKasperskylazaruspdfskype
add a comment

Leave a Response

You Might Also Like